Browser Flaw Shows The Country You’re In
One of the big problems cited by critics of popular sites online is just how much of your location information is broadcast out online. Not only do mobile phones and social media apps leak your location to the internet, but also websites do too, according to new research out of the University of Singapore.
The way hackers manage to discover what your actual location is involves clever usage of pinging queries to websites that track your location. Google and Craigslist were cited as methods by which one can detect your local area – these sites display unique identifiers to people connecting to them when a request for data is made.
Versions of websites that show up in certain areas are also a culprit. Simply logging onto Google from some places spawns a custom url, like Google.co.uk or Google.ca. These sites basically act as beacons which replay the loction information of anyone attempting to access them in a hugely public setting.
According to the research, an average of 62% of top Alexa rated websites in the U.S., Australia, Japan, Singapore, and the U.K. are prone to this location leaking issue. University of Singapore researcher Yaoqi Jia revealed that the problem is found on nearly all browsers, including Chrome, Firefox, Internet Explorer, Opera, and Safari. he went on to state that “No existing defenses are efficient to defeat such attacks,”.
The main source of problem is cached information – stuff that’s saved onto a temporary folder in your computer for ease of access and to speed up loading times. This information can also be sniffed out and used to narrow down your location based on how long it takes to load the info.
This means that it doesn’t even require malware to be installed on your computer – all a hacker needs to do is create a website that includes scripts designed to probe your cache. How quickly certain information is loaded denotes where you are by measuring which cached files are loaded and how quickly they are accessed.
SEE ALSO: Phones Have Unused FM Radio Chips
Prevention of course requires clearing your cache, it’s an advanced technique which people nearly always overlook. No browser as of yet offers automated cache clearing, so it’s even less likely that people have tried. Of course, browsers like Tor which offer anonymous services can make the problem less significant, but it’s not an 100% watertight solution.
For now we’ll probably have to wait until major browser creators look into or try to fix the problem. You can’t really encrypt or secure cached data in a very simple way without slowing down load times, which of course renders the cache functionally useless as a method of speeding things up.
Via: Daily Dot